Report Keynote BHS 2019 by Elsine van Os

Wrap-up report Black Hat Sessions 2019 - Keynote Elsine van Os written by Ena Kurtovic - 31 July 2019

The closing keynote of Secura’s BHS 2019 was presented by Elsine van Os, the versatile powerwoman who is currently the CEO and founder of Signpost Six, an insider risk management consultancy firm, and who is a security expert with a background in high-risk environments, a clinical psychologist and an intelligence expert. In her speech ‘Blended threats: espionage from a human tradecraft perspective’, she talked about economic espionage and technology theft, focusing specifically on the Chinese intelligence market. Below you will find a brief report written by Ena Kurtovic, Security Analyst at Secura.


The economic growth and high-tech military advancement of certain countries like China rely heavily on espionage, and this is far from being breaking news. But how big is China’s piece of the cake, what methods of outreach do its intelligence services use, and who are the prime targets of their recruiters? The answers to these questions were definitely less known and more shocking.

Elsine guided the audience through the journeys of three malicious insiders, individuals recruited by the Chinese intelligence services for the purpose of economic espionage and technology theft.

It all starts with a breakdown of the structure of such services operating in China. The nation-wide espionage efforts originate mainly from four clusters:

  • MSS, or the Ministry of State Security – the civilian intel service, a combination of the CIA and FBI, conducting HUMINT, cyber and counterintelligence operations;
  • PLA, or the People’s Liberation Army – representing the military angle, conducting military, economic and political espionage;
  • 50,000 state-owned enterprises – companies in tech and military spheres;
  • others – including companies, departments, ministries and universities, with an estimated 70% of all Chinese espionage coming from this cluster.

These intelligence services preferably, but not solely, choose targets within the country, such as diplomats, government officials, academics, journalists, business persons, scholars and student exchange programs. But what does it take to recruit a Western man who has interesting access to materials?

The first such case is Kevin Mallory, an ex-CIA agent who was struggling with debt, who has a Taiwanese wife and speaks Mandarin fluently in church and at home. He received a LinkedIn message offering him a consultancy position at the Shanghai Academy of Social Sciences. Mallory agreed to meet for an interview in Shanghai, unaware that he was meeting MSS operatives until he was asked to meet in a hotel room. In the end, he accepted their proposal and returned with a Samsung phone as a covert communications device, which was later used as evidence against him. After stealing commercial secrets on an SD card and receiving payments, Mallory reached out to former CIA colleagues offering to pose as a double agent. The ex-colleagues became very suspicious and contacted the CIA, which finally led to his arrest.

So, why did Mallory derail? Elsine dissected the path that led Mallory to his downfall, as well as the red flags in his behaviour. His personal background included social network risks: being a Chinese speaker and culturally like-minded made him a perfect target. The stressors in his life, not having a consistent income from his consultancy job and being in debt, led him to accept an offer for additional income. His recurring travel to China was concerning behaviour, as was reaching out to former colleagues for information. Finally, following a set-out crime script of copying the data to an SD card, and getting himself too deep into the crime, led to his arrest and prosecution.

The following case, that of Gregg Bergersen, who worked as an analyst at the Pentagon's Defense Security Cooperation Agency, showed how a person holding one of the nation's highest security clearances cheaply agreed to sell military secrets to Tai Shen Kuo, a spy for the People's Republic of China. The secret information that interested Chinese operatives was what kind of weapons America was planning to sell to Taiwan. Fortunately enough, the exchange was caught on tape, and Bergersen was subsequently arrested.

Elsine presented the last case, that of Hanjuan Jin, a former computer engineer at Motorola who was stopped at O’Hare International Airport with illegally downloaded Motorola business secrets. Hanjuan’s behavior also indicated that something was well off: accessing her workplace and downloading files during and outside of work hours, while on medical leave in China, and buying a one-way ticket to ‘visit her mother’ after emptying her bank account should have raised alarms way sooner. At the time that she was stealing these documents, she was simultaneously employed by Lenco, a direct supplier for Huawei. According to Elsine, this was the start of the contentious issues we see around Huawei today.

There were several lessons that Elsine wanted to share with us as the wrap-up of her presentation:

  • Chinese espionage is not new. It is a continuation of a long-term concentrated effort, although growing exponentially, as she emphasized before;
  • Growing awareness of blended threats (behavioural, physical and technical) is crucial; this means thinking broader: what is inside the organization, how to notice signals on a behavioural level and how to manage this within an organization;
  • There is a need to join forces and integrate expertise and skills in battling not only espionage, but also people who derail and commit acts of sabotage, fraud or corruption, with attention to the behavioural signals that are present way before the technical display.

Elsine definitely opened the eyes of the audience by showing how vast and advanced Chinese espionage is, how they recruit and use people to hide their acts of theft in plain sight, and how we as security professionals need to join efforts and combine our skill sets in order to manage such threats in our organizations and surroundings.
